diff options
| author | Bernard Spil <brnrd@FreeBSD.org> | 2021-09-22 08:59:34 +0000 |
|---|---|---|
| committer | Bernard Spil <brnrd@FreeBSD.org> | 2021-09-22 08:59:34 +0000 |
| commit | bfdfd97b034e6db49daf76b2a5c78eac91cf3071 (patch) | |
| tree | a1c4772bc2740e9d589c31d5ca77446696ec1e1d /security/vuxml/vuln-2021.xml | |
| parent | 2635157516b767319be9604e917df1672a3d5f87 (diff) | |
| download | ports-bfdfd97b034e6db49daf76b2a5c78eac91cf3071.tar.gz ports-bfdfd97b034e6db49daf76b2a5c78eac91cf3071.zip | |
security/vuxml: Document mod_auth_mellon vulnerability
Diffstat (limited to 'security/vuxml/vuln-2021.xml')
| -rw-r--r-- | security/vuxml/vuln-2021.xml | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/security/vuxml/vuln-2021.xml b/security/vuxml/vuln-2021.xml index d31a3c2a7732..f36c9d6900f2 100644 --- a/security/vuxml/vuln-2021.xml +++ b/security/vuxml/vuln-2021.xml @@ -1,3 +1,31 @@ + <vuln vid="7bba5b3b-1b7f-11ec-b335-d4c9ef517024"> + <topic>mod_auth_mellon -- Redirect URL validation bypass</topic> + <affects> + <package> + <name>mod_auth_mellon</name> + <range><lt>0.18.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Jakub Hrozek reports:</p> + <blockquote cite="https://github.com/latchset/mod_auth_mellon/releases/tag/v0.18.0"> + <p>Version 0.17.0 and older of mod_auth_mellon allows the redirect URL + validation to be bypassed by specifying an URL formatted as + ///fishing-site.example.com/logout.html</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2019-13038</cvename> + <url>https://github.com/latchset/mod_auth_mellon/releases/tag/v0.18.0</url> + </references> + <dates> + <discovery>2021-07-30</discovery> + <entry>2021-09-22</entry> + </dates> + </vuln> + <vuln vid="7062bce0-1b17-11ec-9d9d-0022489ad614"> <topic>Node.js -- August 2021 Security Releases (2)</topic> <affects> |